Cyber-security has emerged as a major challenge for businesses large and small. It increasingly impacts e-commerce, data management, employee collaboration, and a variety of other tasks and processes. In the end, it affects company growth and bottom-line results. A recently released study conducted by research firm Vanson Bourne and sponsored by CA Technologies, "8 Steps to Modernize Security for the Application Economy," examines security in the emerging app economy, including how companies are adapting to an explosion of Internet-enabled devices. Among other things, the survey found that protections must extend beyond internal systems and employees and out to business partners and consumers. There's also a need to shift away from extensive restrictions and use enabling technologies, such as application programming interfaces (APIs), two-factor authentication and bring-your-own-identity approaches. These tools, according to the report, are critical to achieving innovation and tapping into opportunities. Here are some of the key findings from the survey of 1,425 senior IT and business leaders, including CSOs and CISOs.

It's probably time to rethink this whole notion of work-life balance. With huge numbers of workers saying that they're using their work devices for personal business and using their personal devices to do work, the line between work and personal business is no longer just blurry. It's virtually nonexistent, and IT security teams must pay attention. That's the key takeaway from a recent survey conducted by MSI Research on behalf of Intel Security. MSI interviewed 2,500 professionals in 12 countries to gauge their attitudes about online data protection in the era of mobile business. What they found is that employees are increasingly using their work and personal devices interchangeably, placing the onus on their employers to adequately protect both. "Working wherever and whenever has rapidly become the norm, as employees and employers strive for increased productivity, collaboration and responsiveness," said Candace Worley, a senior vice president at Intel Security. "This can pose significant security risks for organizations, as employees often use whatever network is available to them whether they are sure it's secure or not." In other words, you're letting your mobile employees roam outside of your network unchecked at your own risk.

One of the unfortunate realities of the digital age is that it's impossible to escape the threat of malware. Emails, Websites, and other tools and technologies all too often carry potentially dangerous payloads that can damage or cripple an enterprise. Most recently, Sony Pictures Entertainment discovered just how destructive malware can be and how it can wreck a company's reputation and cause enormous financial losses. Yet, while it's critical to protect against these threats, a new report, "The Cost of Malware Containment in 2015," from Ponemon Institute and malware detection vendor Damballa, reveals that major organizations spend an average of $1.3 million annually responding to erroneous and inaccurate malware alerts. This adds up to about 21,000 hours in wasted time and effort across all systems and devices. The report also provides insights into how enterprises cope with legitimate threats, as well as false positives. The upshot? While the frequency and severity of attacks are growing, IT and security teams must take a more strategic and coordinated approach. "Significant money and time can be saved if organizations have actionable intelligence to prioritize the threats posed by malware," points out Larry Ponemon, chairman and founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices.

It's hard to secure what you don't know is there. A recent survey from the Cloud Security Alliance indicates that while organizations are clearly concerned about the security of data residing in cloud services, they also have surprisingly little insight into how much unknown exposure they have on this front. The lack of awareness of shadow IT use of cloud services—which occurs outside of IT's control—and the associated security vulnerabilities appear to be impeding adoption of the cloud. There are indications, however, that organizations are moving to change this paradigm. "As companies move data to the cloud, they are looking to put in place policies and processes so that employees can take advantage of cloud services that drive business growth without compromising the security, compliance and governance of corporate data," says Jim Reavis, CEO of the not-for-profit CSA, which surveyed more than 200 IT, IT security, compliance and audit professionals from around the globe. Rajiv Gupta, CEO of cloud security firm Skyhigh Networks, which sponsored the survey, adds that "This survey illustrates that companies are aware of the consumerization of IT, but have room to more proactively address the security concerns of cloud adoption."

In an era of device and data sprawl, concerns around IT governance are building. A recent survey from Forrester Research, commissioned by data governance vendor Druva, suggests that organizations will increase their focus on governance over the next two years as they try to get a handle on the growing use of mobile devices and cloud applications. Change is expected to occur all over: Mobile devices, apps and content will be looked at more closely; governance models and technologies will be beefed up; and, naturally, costs will increase. Given that other research from Forrester indicates that 20 percent of CIOs will lose their jobs by 2016 for failing to successfully implement information governance, it's no surprise that governance is getting more attention. "With the rise of the mobile workforce, organizations must establish strategies to govern not only corporate and employee-owned mobile devices, but also the multiple channels that are now required to make data available anywhere on any device," said Chandar Venkataraman, chief product officer at Druva. "The increase in complexity is staggering." The survey includes input from more than 200 IT and legal professionals from enterprises with at least 2,000 employees.